
Firewall Authentication

LUCAS ZULUAGA PEREZ


NSE5*
CERTIFIED ETHICAL HACKER
CCNP R&S, CCNP SECURITY, CCDP

© Copyright Fortinet Inc. All rights reserved. Last Modified: 8 May 2019
Firewall Authentication
• It includes the authentication of users and user groups.
o It is more reliable than just IP address and device-type authentication.
o Users must authenticate by entering valid credentials.
• After FortiGate identifies the user or device, FortiGate applies firewall policies and
profiles to allow or deny access to each specific network resource.

FortiGate Methods of Firewall Authentication
• Local password authentication
o User name and password stored on FortiGate
• Server-based password authentication (also called remote password
authentication)
o Password stored on a POP3, RADIUS, LDAP, or TACACS+ server
• Two-factor authentication
o Enabled on top of an existing method
o Requires something you know and something you have (token or certificate)

Local Password Authentication
• User accounts created through User & Device > User Definition
• User accounts stored locally on FortiGate
o Works well for single FortiGate installations

[Figure: labels: User name and password, FortiGate]

Server-Based Password Authentication
• Accounts are stored on a remote authentication server.
• Administrators can do one of the following:
o Create an account for the user locally, and specify the server to verify the password.
o Add the authentication server to a user group.
• All users in that server become members of the group.

[Figure: steps 1 to 4; labels: Username and password, FortiGate, Remote Server, OK]
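
The two administrator options above, written as FortiOS CLI configuration. This is an added example, not part of the original slides; the server name corp-ldap, the address 192.0.2.10, the DN values, the bind account, and the user and group names are constructed placeholders, and LDAP was picked as the server type for illustration.

```text
# Remote authentication server definition (constructed values).
# LDAPS is used so that credentials forwarded by FortiGate are not
# sent to the server in clear text.
config user ldap
    edit "corp-ldap"
        set server "192.0.2.10"
        set secure ldaps
        set port 636
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "cn=fgt-bind,ou=service,dc=example,dc=com"
        set password <bind-password>
    next
end

# Option 1: create the account locally and specify the server that
# verifies the password. Only this named user can authenticate.
config user local
    edit "jsmith"
        set type ldap
        set ldap-server "corp-ldap"
    next
end

config user group
    edit "named-remote-users"
        set member "jsmith"
    next
end

# Option 2: add the authentication server itself to a user group.
# All users on that server become members of the group.
config user group
    edit "all-ldap-users"
        set member "corp-ldap"
    next
end
```

Option 2 grants group membership to every account the server will authenticate, so any firewall policy that references all-ldap-users should be scoped with that in mind; option 1 keeps the allowed set explicit on FortiGate.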
